Implementing Multiple Protection Domains in Java

Abstract:

Safe language technology can be used for protection within a single
address space. This protection is enforced by the language’s type system, which
ensures that references to objects cannot be forged. A safe language alone, however, lacks
many features taken for granted in more traditional operating systems, such as rights
revocation, thread protection, resource management, and support for domain termination.
This paper describes the J-Kernel, a portable Java-based protection system that addresses
these issues. J-Kernel protection domains can communicate through revocable capabilities,
but are prevented from directly sharing unrevocable object references. A number of
micro-benchmarks are presented to characterize the costs of language-based protection, and
an extensible web server based on the J-Kernel demonstrates the use of safe language
techniques in a large application.
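
A revocable capability of the kind the abstract describes can be sketched in plain Java as a forwarding proxy whose target the granting domain can clear. This is an added illustration, not the J-Kernel API or code from the paper; `FileStore`, `Grant`, and `grant` are hypothetical names.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Proxy;
import java.util.concurrent.atomic.AtomicReference;

public class RevocableCapabilityDemo {
    // Hypothetical service interface exported by one domain to another.
    public interface FileStore { String read(String name); }

    // Kept by the granting domain; holding it is the only way to revoke.
    static final class Grant<T> {
        final T capability;                       // the reference handed out
        private final AtomicReference<T> target;  // cleared on revoke
        Grant(T capability, AtomicReference<T> target) {
            this.capability = capability;
            this.target = target;
        }
        void revoke() { target.set(null); }       // also lets the target be collected
    }

    // Wraps impl in a proxy so the receiver never holds a direct reference.
    static <T> Grant<T> grant(Class<T> iface, T impl) {
        AtomicReference<T> target = new AtomicReference<>(impl);
        InvocationHandler handler = (proxy, method, args) -> {
            T t = target.get();
            if (t == null) throw new IllegalStateException("capability revoked");
            try {
                return method.invoke(t, args);
            } catch (InvocationTargetException e) {
                throw e.getCause();               // surface the callee's own exception
            }
        };
        Object p = Proxy.newProxyInstance(
                iface.getClassLoader(), new Class<?>[] { iface }, handler);
        return new Grant<>(iface.cast(p), target);
    }

    public static void main(String[] args) {
        FileStore real = name -> "contents of " + name;   // constructed sample service
        Grant<FileStore> g = grant(FileStore.class, real);
        FileStore cap = g.capability;                     // what the other domain receives

        System.out.println(cap.read("index.html"));       // forwarded while the grant is live
        g.revoke();
        try {
            cap.read("index.html");
        } catch (IllegalStateException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```

The proxy only makes the `FileStore` reference itself revocable. Any ordinary mutable object passed through it as an argument or return value would still be a directly shared, unrevocable reference, which is the sharing the abstract says J-Kernel domains are prevented from doing.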